package com.shungen.apicloud.aop;

import com.shungen.apicloud.annotation.AuthCheck;
import com.shungen.apicloud.common.ErrorCode;
import com.shungen.apicloud.exception.BusinessException;
import com.shungen.apicloud.exception.ThrowUtils;
import com.shungen.apicloud.model.enums.UserRoleEnum;
import com.shungen.apicloud.service.UserService;
import com.shungen.apicloud.utils.JWTUtil;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;

/**
 * 权限校验 AOP
 */
@Aspect
@Component
public class AuthInterceptor {

    @Resource
    private UserService userService;


    /**
     * 执行拦截，给添加了AuthCheck注解的方法提前检查登录用户是否有权限
     * @param joinPoint
     * @param authCheck
     * @return
     * @throws Throwable
     */
    @Around("@annotation(authCheck)")
    public Object doInterceptor(ProceedingJoinPoint joinPoint, AuthCheck authCheck) throws Throwable {
        String mustRole = authCheck.mustRole();
        HttpServletRequest request = getCurrentHttpRequest();
        //这里要求必须登录，否则报错
//        User loginUser = userService.getLoginUser(request);
        //这里改为从token里面提取信息
        String token = request.getHeader("token");
        ThrowUtils.throwIf(token == null,ErrorCode.NOT_LOGIN_ERROR,"未登录");
        ThrowUtils.throwIf(!JWTUtil.verifyToken(token),ErrorCode.PARAMS_ERROR,"token无效");
        //提取用户角色信息
        String userRole = JWTUtil.getClaimFromToken(token, "userRole");
        UserRoleEnum loginUserRole = UserRoleEnum.getEnumByValue(userRole);
        ThrowUtils.throwIf(loginUserRole == null,ErrorCode.PARAMS_ERROR,"用户用有无效权限");
        if (StringUtils.isNotBlank(mustRole)) {
            if(loginUserRole.getValue().equals(UserRoleEnum.BAN.getValue())){
                throw new BusinessException(ErrorCode.NO_AUTH_ERROR,"用户账号被封禁");
            } else if(!loginUserRole.getValue().equals(mustRole)){
                throw new BusinessException(ErrorCode.NO_AUTH_ERROR,"无权限");
            }else{

            }
        }
        return joinPoint.proceed();
    }
    private HttpServletRequest getCurrentHttpRequest() {
        RequestAttributes requestAttributes = RequestContextHolder.currentRequestAttributes();
        return ((ServletRequestAttributes) requestAttributes).getRequest();
    }

    /*
    private void checkUserRole(User loginUser, String mustRole) {
        UserRoleEnum mustUserRoleEnum = UserRoleEnum.getEnumByValue(mustRole);
        if (mustUserRoleEnum == null) {
            throw new BusinessException(ErrorCode.NO_AUTH_ERROR, "Invalid role specified");
        }

        String userRole = loginUser.getUserRole();


        //如果要求角色是被封号，则直接拒绝
        if (UserRoleEnum.BAN.equals(mustUserRoleEnum)) {
            throw new BusinessException(ErrorCode.NO_AUTH_ERROR, "User is banned");//意思是该方法只对封号的人使用，说明该方法基本不用了，所以一律拒绝
        }

        if (UserRoleEnum.ADMIN.equals(mustUserRoleEnum) && !mustRole.equals(userRole)) {
            throw new BusinessException(ErrorCode.NO_AUTH_ERROR, "User lacks admin privileges");
        }
    }
     */
}

